osquery

osquery · osquery.osquery

SQL powered operating system instrumentation, monitoring, and analytics.

winget install --id osquery.osquery --exact --source winget

Latest 5.23.0

Release Notes

What's Changed

Features

  • Add process memory scanning capability to yara table by @brian-mckinney in #8782
  • Split yara tables into yara_process and yara_file by @brian-mckinney in #8835
  • Add Windows process_open_handles table by @brian-mckinney in #8795
  • Add secureboot_certificates table for Linux by @zwass in #8844
  • Extend python_packages and npm_packages to cover modern package managers by @ariary in #8801
  • Add level filtering to the unified_log table by @directionless in #8788
  • Disallow newlines in curl custom headers by @directionless in #8787
  • Supplement LaunchServices with directory scanning in apps table (#8789) by @getvictor in #8790
  • Command line flags for query input and output by @directionless in #8786
  • New header-based authentication mechanism for remote APIs by @juan-fdz-hawa in #8805
  • Add recursion to npm_packages by @directionless in #8809
  • Make profile.py performance thresholds configurable via CLI flags by @stefanamaerz in #8841
  • Add ROOT\default to WMI tables by @directionless in #8810

Build & Dependencies

  • Update expat to 2.7.4 to fix CVE-2026-25210 by @Sampriti2803 in #8794
  • Fix GCC 15 compatibility by @carlsmedstad in #8837

Fixes

  • Fix macOS keychain corruption when accessing non-SSV keychain files by copying to temporary files first by @lucasmrod in #8840
  • Fix incorrect example queries in table specs by @edwardsb in #8791
  • Improve network_name detection on macOS wifi_status table by @lucasmrod in #8781
  • Fix a bug in apt_sources parsing by @directionless in #8785
  • Add NOCASE and VERSION collation to various columns by @directionless in #8813
  • Increase the limit on systemd unit iteration by @directionless in #8802
  • Fix format string vulnerability in shell.cpp disconnect_socket() by @directionless in #8824
  • Fix saving file times in file carves by @zwass in #8819
  • Fix empty results from office_mru table by @thierryfranzetti in #8838
  • Fix multiple security vulnerabilities in smc_keys.cpp by @directionless in #8820
  • Fix gatekeeper table on macOS 15+ by @thierryfranzetti in #8831
  • Fix container bounds checking vulnerabilities by @directionless in #8825
  • Reduce noisy logs from chrome_extensions by @lucasmrod in #8792

New Contributors

  • @edwardsb made their first contribution in #8791
  • @Sampriti2803 made their first contribution in #8794
  • @ariary made their first contribution in #8801
  • @juan-fdz-hawa made their first contribution in #8805
  • @thierryfranzetti made their first contribution in #8838
  • @stefanamaerz made their first contribution in #8841

Full Changelog: 5.22.1...5.23.0

Installer type: wix

Architecture Scope Download SHA256
x64 Download 5060C7CC21BC00258B5D7822A769CB619FF432C02BA89F6C1B6CBFA127D59B40

Details

Homepage: https://osquery.io/
License: Apache-2.0 OR GPL-2.0-only
Publisher: osquery
Support: https://github.com/osquery/osquery/issues

Tags

hacktoberfest, intrusion-detection, monitoring, security, sql

Older versions (10)

5.22.1, 5.21.0, 5.20.0, 5.19.0, 5.18.1, 5.17.0, 5.16.0, 5.11.0, 5.8.2, 5.6.0